On Mon, Jan 10, 2011 at 04:04:17PM +0100, Jakub Hrozek wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 01/06/2011 06:23 PM, Adam Tkac wrote:
> > Hello,
> > 
> > attached patch introduces new bind-dyndb-ldap parameter called
> > "timeout". It controls timeout of the LDAP queries and by default is
> > set to 10 seconds.
> > 
> > The patch solves https://fedorahosted.org/bind-dyndb-ldap/ticket/3.
> > 
> > Regards, Adam
> > 
> 
> The code looks OK but I'm wondering whether it would make more sense to
> set it globally using ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT) rather
> than for the single ldap_search() call. That way, any other ldap_* calls
> and also the LDAP bind operation would be controlled from a single place.

Good idea. However I would rather use LDAP_OPT_TIMEOUT. Improved patch
is attached.

Regards, Adam

-- 
Adam Tkac, Red Hat, Inc.
>From 26a1f34d7a3bf8ee8ab9b8ce2d9280d77c0e82ce Mon Sep 17 00:00:00 2001
From: Adam Tkac <at...@redhat.com>
Date: Thu, 6 Jan 2011 18:17:14 +0100
Subject: [PATCH] Add new parameter - "timeout".

This parameter controls the timeout of LDAP queries. Resolvers generally
time out after 5 seconds, so a default of 10 seconds should be enough.

Solves ticket https://fedorahosted.org/bind-dyndb-ldap/ticket/3.

Signed-off-by: Adam Tkac <at...@redhat.com>
---
 README            |    5 +++++
 src/ldap_helper.c |   15 +++++++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/README b/README
index 758f141..5c80344 100644
--- a/README
+++ b/README
@@ -139,6 +139,11 @@ zone_refresh (default 0)
        a zone. If this option is set to 0, the LDAP driver will never refresh
        the settings.
 
+timeout (default 10)
+       Timeout (in seconds) of the queries to the LDAP server. If the LDAP
+       server don't respond before this timeout then lookup is aborted and
+       BIND returns SERVFAIL. Value "0" means infinite timeout (no timeout).
+
 
 5.2 Sample configuration
 ------------------------
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index fbe9f9e..ece2f19 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -126,6 +126,7 @@ struct ldap_instance {
        ld_string_t             *base;
        unsigned int            connections;
        unsigned int            reconnect_interval;
+       unsigned int            timeout;
        ldap_auth_t             auth_method;
        ld_string_t             *bind_dn;
        ld_string_t             *password;
@@ -291,6 +292,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
                { "uri",         no_default_string              },
                { "connections", default_uint(2)                },
                { "reconnect_interval", default_uint(60)        },
+               { "timeout",     default_uint(10)               },
                { "base",        no_default_string              },
                { "auth_method", default_string("none")         },
                { "bind_dn",     default_string("")             },
@@ -346,6 +348,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
        ldap_settings[i++].target = ldap_inst->uri;
        ldap_settings[i++].target = &ldap_inst->connections;
        ldap_settings[i++].target = &ldap_inst->reconnect_interval;
+       ldap_settings[i++].target = &ldap_inst->timeout;
        ldap_settings[i++].target = ldap_inst->base;
        ldap_settings[i++].target = auth_method_str;
        ldap_settings[i++].target = ldap_inst->bind_dn;
@@ -1545,6 +1548,7 @@ ldap_connect(ldap_connection_t *ldap_conn)
        int ret;
        int version;
        ldap_instance_t *ldap_inst;
+       struct timeval timeout;
 
        REQUIRE(ldap_conn != NULL);
 
@@ -1561,10 +1565,11 @@ ldap_connect(ldap_connection_t *ldap_conn)
        ret = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
        LDAP_OPT_CHECK(ret, "failed to set LDAP version");
 
-       /*
-       ret = ldap_set_option(ld, LDAP_OPT_TIMELIMIT, (void 
*)&ldap_inst->timeout);
-       LDAP_OPT_CHECK(ret, "failed to set timeout: %s", ldap_err2string(ret));
-       */
+       timeout.tv_sec = ldap_conn->database->timeout;
+       timeout.tv_usec = 0;
+
+       ret = ldap_set_option(ld, LDAP_OPT_TIMEOUT, &timeout);
+       LDAP_OPT_CHECK(ret, "failed to set timeout");
 
        if (ldap_conn->handle != NULL)
                ldap_unbind_ext_s(ldap_conn->handle, NULL, NULL);
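Review bot: A configured `timeout` of 0 is copied straight into `timeout.tv_sec` here, while the README text added by this patch promises that "0" means no timeout. OpenLDAP's ldap_set_option(3) documents an infinite LDAP_OPT_TIMEOUT as `tv_sec` set to -1, so a zero timeval is likely to act as an immediate timeout rather than an unlimited wait; the assignment could map the value explicitly, e.g. `timeout.tv_sec = (ldap_conn->database->timeout != 0) ? (time_t)ldap_conn->database->timeout : -1;`. LDAP_OPT_TIMEOUT bounds the synchronous API calls, so connection setup to an unreachable server may still block unless LDAP_OPT_NETWORK_TIMEOUT is set as well, which matters for a name server that is expected to fail fast with SERVFAIL. ldap_connect's body starts and ends outside this hunk.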
@@ -1697,6 +1702,8 @@ handle_connection_error(ldap_connection_t *ldap_conn, 
isc_result_t *result)
                        log_error("connection to the LDAP server was lost");
                if (ldap_connect(ldap_conn) == ISC_R_SUCCESS)
                        return 1;
+       } else if (err_code == LDAP_TIMEOUT) {
+               log_error("LDAP query timed out. Try to adjust \"timeout\" 
parameter");
        } else {
                err_string = ldap_err2string(err_code);
        }
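Review bot: The new `LDAP_TIMEOUT` branch calls `log_error` on every timed-out query, whereas the "connection to the LDAP server was lost" message just above appears, from its indentation, to sit under a condition that starts outside the hunk. Because lookups are triggered by DNS clients, a slow LDAP server lets remote query volume drive error-log volume; consider gating the message the same way as the lost-connection one, or logging at a lower severity after the first occurrence. A short comment such as `/* Timeout is only reported; no reconnect is attempted here. */` would also make the absence of a retry explicit. handle_connection_error starts and ends outside this hunk, so the value returned on this path is not visible here.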
-- 
1.7.3.4
